The structure of an Internet Protocol data packet has a header block and a data block. The header block has a source IP address, a destination IP address, and other fields. The source and destination IP addresses are supplied entirely by the sender, and hence the receiver of a data packet has no assurance that these are genuine. This has been the basis for many types of security weakness, as has been well described in the trade literature and news items.
To secure the data packet, the data part is encrypted by the sending computer and decrypted by the receiving computer. As a further security measure, filters have also been used to screen the contents of data packets against signatures representing known anomalies, such as a virus or worm. Such filters are used in the host and may be used in gateway routers as well.
Defensive techniques of packet flow traffic analysis are used to discern anomalous packet flow rates by comparing them with normal traffic flow patterns. The information security industry has given these techniques the names Intrusion Detection and Prevention Systems (IDS/IPS).
In spite of these defenses, based on published news items, unknown or harmful packets may still be introduced into the network. If there is no prior signature for an anomaly, the data packets cannot be filtered. Hence harmful packets are indistinguishable from other packets and cannot be separated on the basis of packet content, in either the header or the data. IDS and filters are cumbersome and often ineffective techniques of computer network defense, and more effective and sophisticated systems and methods of computer network defense are required.
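As an added illustration (not part of the original text), the following Python code parses the header fields named above from a constructed IPv4 datagram, verifies the RFC 791 header checksum, and applies a signature filter and a rate threshold of the kind just described. The sample datagram, the placeholder signature list and the baseline value are constructed for this example; the checksum in the sample header was precomputed for it.

```python
import struct
from collections import Counter

# Constructed sample datagram: 20-byte IPv4 header, protocol 17 (UDP), TTL 64,
# 10.0.0.1 -> 192.168.1.10, header checksum 0xaf1d, followed by an 8-byte data block.
SAMPLE = bytes.fromhex("4500001c000100004011af1d0a000001c0a8010a") + b"payload!"

# Placeholder signature database for the filter described in the text (constructed).
SIGNATURES = [b"EVIL"]


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement of the one's-complement sum of 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ipv4(packet: bytes) -> dict:
    """Split a datagram into the header fields the text names and its data block."""
    (ver_ihl, _tos, total_len, _ident, _flags_frag, ttl, proto, csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4
    hdr = packet[:ihl]
    # The checksum is computed over the header with the checksum field taken as zero.
    # Whoever writes the header can compute it, so a matching value shows only that the
    # header was not corrupted in transit; it says nothing about who really sent it.
    ok = ipv4_checksum(hdr[:10] + b"\x00\x00" + hdr[12:]) == csum
    return {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "protocol": proto, "ttl": ttl, "checksum_ok": ok,
            "data": packet[ihl:total_len]}


def signature_hit(pkt: dict) -> bool:
    """Content filter: true only if the data block matches a known signature."""
    return any(sig in pkt["data"] for sig in SIGNATURES)


def rate_anomalies(packets, baseline_per_src: int) -> set:
    """Flow analysis: sources whose packet count in this window exceeds the normal baseline."""
    counts = Counter(parse_ipv4(p)["src"] for p in packets)
    return {src for src, n in counts.items() if n > baseline_per_src}
```

A packet whose data matches no stored signature and whose source stays under the rate baseline passes both checks even though nothing in its header authenticates the sender, which is the gap the text describes.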
It is an objective of this invention to provide more effective and sophisticated systems and methods of computer network defense.